cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Error when adding team members to an initally created team folder via http endpoint

Error when adding team members to an initally created team folder via http endpoint

1575475
Explorer | Level 3
Go to solution

I'm making REST calls to the DBX HTTP endpoint from within SAP. My app has full dbx access and all possible rights.
Creating a team folder works flawlessly but when trying to add members to that folder via the /sharing/add_folder_member API I get a strange error:

Error in call to API function "sharing/add_folder_member": Invalid authorization value in HTTP header "Authorization": "Basic <some base64 string>"
Expecting "Bearer <oauth2-access-token>"

I do provide an bearer oauth2 access token for app authentication (app ) and my user id (as admin) for the "Dropbox-API-Select-Admin" header parameter.
Also a list of users to be added to the team folder.
As soon as I make the REST call something unexpected happens: A popup window appears and I have to enter my dbx credentials.
After that above error occurs.

Things I don't get at all:
- why I have to authenticate myself as admin since an app access token is provided and the app has full dbx access and all possible rights?
- why the bearer token is ignored?

How can I fix this? Please advise.

Thanks,
Jan

 

P.S.: I just tried to access the endpoint using curl

 

curl -X POST https://api.dropboxapi.com/2/sharing/add_folder_member \
--header 'Authorization: Bearer <created access token using refresh token>' \
--header 'Dropbox-API-Select-Admin: dbid:<my team member  id>' \
--header 'Content-Type: application/json' \
--data '{"shared_folder_id":"<team folder id>","members":[{"member":{".tag":"dropbox_id","dropbox_id":"dbid:<my user id>"},"access_level":{".tag":"editor"}}],"quiet":false,"custom_message":"Test"}'

 

and got "missing scope ..." and "required scope sharing/write"

 

18 Replies 18

Здравко
Legendary | Level 20
Go to solution

Hi @1575475,

The action, you are trying, seems not granted to you (your access token) for some reason. The translation "berechtigt"->"authorized" is not fairly correct. :beaming_face_with_smiling_eyes: Once you get receiving this error message you application seems completely "authorized", otherwise you would not be able get to here. :winking_face:

Possible reasons can be non confirmed scope on authorization and as a result particular scope stay inactive, in spite it has been selected, or you are doing something, that expect admin access, but you skipped represent yourself as admin (or specific team member).

Post exact request that results in such error, at least (with masked access token). May be useful to gets clear if you have some scopes entry in your authorization request and if so, how it looks like.

Greg-DB
Dropbox Staff
Go to solution

@1575475 As Здравко said, it would be helpful to see the actual request to troubleshoot this further. From your description though, are you trying to call /2/sharing/share_folder on the team folder itself, which you created using /2/team/team_folder/create? You don't need to "share" a team folder, since it is already "shared". (Team folders are essentially a type of shared folder.) You can use /2/sharing/add_folder_member to add members to it.

1575475
Explorer | Level 3
Go to solution

Hi Greg, hi Sdrawko,

 

thank you again for your input. In the meantime I've created a Postman script which also fails. Here're the details:

URL: https://api.dropboxapi.com/2/sharing/add_folder_member

Header parameters

Screenshot 2022-09-27 091901.jpg

The app token has been fetched a couple of minutes before and I've double checked my team member id. Since this id is used in various other calls it has to be ok.

 

JSON Body

{"custom_message":"Test","members":[{"access_level":"editor","member":{".tag":"email","email":"jan.buchholz@karon.de"}}],"quiet":true,"shared_folder_id":"3032413665"}
 
Screenshot 2022-09-27 094056.jpg
(Output of list team folders, just to check that the folder id is correct)
What I don't understand here is that the "team shared" flag is set to false. In ABAP space=false and "X"=true.
 

Response with status 409 (conflict)

{
    "error_summary""no_permission/..",
    "error": {
        ".tag""no_permission"
    },
    "user_message": {
        "locale""de",
        "text""Sie sind nicht berechtigt, diese Aktion durchzuführen."
    }
}
App permission
Screenshot 2022-09-27 092717.jpg
 
After rectifying the ominous popup issue, I think that the API I've created is in a "mature state" and doesn't contain any more errors.
Any other calls (list folder, create folder, upload file, download file, delete file, get_metadata, list team members, list team namespaces, list team events, etc.) work flawlessly.
Now, as even the Postman script fails, IMHO the problem must be somewhere else. But, I'm running out of clues :disappointed_face:
 
BTW, since I'm already member of the team folder, I'd expect some kind of error message, but not permission related at all.
 
Best regards,
Jan
 
 
 

 

Здравко
Legendary | Level 20
Go to solution

@1575475 wrote:
...
Screenshot 2022-09-27 094056.jpg
(Output of list team folders, just to check that the folder id is correct)
What I don't understand here is that the "team shared" flag is set to false. In ABAP space=false and "X"=true.
 

...


There is not exactly "IS_TEAM_SHARED", so most probably your are referring to "is_team_shared_dropbox" (which means is this a team root or not :winking_face:). In all cases it's a team folder.

 

There are different reasons (wide spread of such) that can lead to wrong result. Let's do one more step to clarifying. Execute something like following:

curl -X POST https://api.dropboxapi.com/2/sharing/get_folder_metadata \
  --header 'Authorization: Bearer sl.BQAwolS9uZkZOnfZtpVoQIbNSX...' \
--header 'Dropbox-Api-Select-Admin: dbmid:AACAstOvwj3lJYBziCcpdksycjMM-...' \ --header 'Content-Type: application/json' \ --data '{"shared_folder_id":"3032413665","actions":[{".tag":"invite_editor"},{".tag":"invite_viewer"}]}'

...or represent the same request as you like (is easier to you). Can you post the result? 🧐 There can be some clue.

1575475
Explorer | Level 3
Go to solution

Hi Sdrawko,

thank you for your help. 

Regarding the "IS_TEAM_SHARED" field: What you see is the SAP internal field, it is mapped correctly to the original metadata field.

I internally used some shorter name to spare horizontal space :slightly_smiling_face:

 

I ran your script with Postman and got the following result:

{
    "access_type": {
        ".tag""owner"
    },
    "is_inside_team_folder"false,
    "is_team_folder"true,
    "owner_team": {
        "id""dbtid:AABm0erI_vc6S9THU9dZ32uHg68XlhP1TNM",
        "name""Karon Beratungsgesellschaft mbH IUL"
    },
    "name""KARON_TEAM_ON_PRD_TEST_001",
    "permissions": [
        {
            "action": {
                ".tag""invite_editor"
            },
            "allow"true
        },
        {
            "action": {
                ".tag""invite_viewer"
            },
            "allow"true
        }
    ],
    "policy": {
        "member_policy": {
            ".tag""anyone"
        },
        "resolved_member_policy": {
            ".tag""anyone"
        },
        "acl_update_policy": {
            ".tag""editors"
        },
        "shared_link_policy": {
            ".tag""anyone"
        },
        "viewer_info_policy": {
            ".tag""enabled"
        }
    },
    "shared_folder_id""3032413665",
    "time_invited""2022-09-20T10:57:59Z",
    "access_inheritance": {
        ".tag""inherit"
    }
}
 
Best regards,
Jan
 
 
 
 

Здравко
Legendary | Level 20
Go to solution

Wow... that's going be something really strange. According to your last post you should be able add (invite) a member. :thinking_face:🤷 I can't say something more.

You can try repeat execution of the failing request and catch the response header block. There should be a header 'x-dropbox-request-id'. Post this header's value and let's hope Greg will be able find out something more.

Good luck.

1575475
Explorer | Level 3
Go to solution

Hi Sdrawko,

just added some lines of code to my method to fetch the response header fields.

Here're the values straight out of the debugger :slightly_smiling_face:

 

~response_line HTTP/1.0 409 Conflict
~server_protocol HTTP/1.0
~status_code 409
~status_reason Conflict
cache-control no-cache
content-security-policy sandbox allow-forms allow-scripts
x-content-type-options nosniff
content-type application/json
accept-encoding identity,gzip
date Tue, 27 Sep 2022 13:46:25 GMT
server envoy
content-encoding gzip
vary Accept-Encoding
x-dropbox-response-origin far_remote
x-dropbox-request-id 0b7745ec6a394c35861332368f0f641d
connection close

 

Best regards,

Jan

 

 

 

Greg-DB
Dropbox Staff
Go to solution

@1575475 Apologies for the lack of clarity here. For team folders in particular, you need to add members via groups; you can't add them individually. I'll ask the team to see if we can clarify this in the documentation and error response.

 

For example, you would set the "members" parameter like:

"members":[{"member":{".tag":"dropbox_id","dropbox_id":"GROUPIDHERE"}}]

 You can get group IDs from /2/team/groups/list, etc.

1575475
Explorer | Level 3
Go to solution

Hi Greg, hi Sdrawko,

 

many, many kudos to the both of you for your most valuable help!

I now know how to proceed ...

 

Best regards,

Jan

 

Need more support?